I've set up a subdomain lists.mydomain.deĀ (and with regex expressions as local part, to have unique email address per list, forgot to do that here...) with soft spf and dmarc policies and that I only use for mailing lists. Then I can use hard failure spf and dkim policies for the domain mydomain.de itself.
Robert Am Freitag, dem 14.07.2023 um 19:28 -0500 schrieb Thomas Cameron: > This kinda raises an important issue. I already have SPF/DMARC/DKIM > set > up. But because I use several mailing lists, I do not have a hard > fail > set up. I get SO many notices when I send email to lists that I'm > really > worried about defining hard failures/rejections. > > But I'll play around with what you suggested. > > Thomas > > On 7/14/23 18:58, David B Funk wrote: > > > > Assuming you own/manage your infrastructure it should be > > straight-forward. > > > > Create SFP records for your domain & SMTP server, set them to > > either > > soft or hard fail mode. > > If you can, also set up DKIM signing of your outgoing mail. > > > > Then create rules that looks for your from address in a message and > > a > > meta which says "if from me & DKIM-fail/SPF-fail hit it hard" > > > > If you can work with the SPF hard fail you will also help to > > improve > > your net reputation as spammers will have a harder time trying to > > "Joe > > Job" you. > > > > > > On Fri, 14 Jul 2023, Thomas Cameron wrote: > > > > > All - > > > > > > I am suddenly getting hammered by a BUNCH of spam that appears to > > > be > > > from me. It scores low, and even though I keep feeding it to > > > Bayes, > > > it's still not hitting the threshold to be marked as spam. > > > > > > When I check the headers, it's coming from multiple random email > > > servers, but many appear to originate from hotmail/outlook.com. > > > So > > > from outlook.com, through some unsecured email server, then to my > > > server. > > > > > > I'm trying to figure out how to block this stuff. Something like > > > "if > > > it appears to come from me, but it's not actually coming from my > > > email server," block it. I don't necessarily think this is a job > > > for > > > SA, but if there's a rule I can tweak or a setting I can change, > > > I'm > > > all ears. > > > > > > Thanks, > > > Thomas > > > > > > > > > -- Robert Senger
